QR code use grows in popularity but poses hidden risks

The use of QR codes has risen during the pandemic as they offer a perfect solution to contactless interaction. But many employees are also using their mobile devices to scan QR codes for personal use, putting themselves and enterprise resources at risk. A new study from security platform MobileIron shows that 84 percent of people have scanned a QR code before, with 32 percent having done so in the past week and 26 percent in the past month. In the last six months, 38 percent of respondents say they have scanned a QR code at a restaurant, bar or café,…

Original URL: https://betanews.com/2020/09/15/qr-code-popularity-risks/


Hackers Hijack Routers’ DNS To Spread Malicious COVID-19 Apps

An anonymous reader quotes a report from Bleeping Computer: A new cyber attack is hijacking routers’ DNS settings so that web browsers display alerts for a fake COVID-19 information app from the World Health Organization that is the Oski information-stealing malware. For the past five days, people have been reporting their web browser would open on its own and display a message prompting them to download a ‘COVID-19 Inform App’ that was allegedly from the World Health Organization (WHO). After further research, it was determined that these alerts were being caused by an attack that changed the DNS servers configured on their home D-Link or Linksys routers to use DNS servers operated by the attackers. As most computers use the IP address and DNS information provided by their router, the malicious DNS servers were redirecting victims to malicious content under the attackers’ control. “If your browser is randomly opening to

Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/oAPqvUyce_g/hackers-hijack-routers-dns-to-spread-malicious-covid-19-apps


Ransomware Installs Gigabyte Driver To Kill Antivirus Products

A ransomware gang is installing vulnerable GIGABYTE drivers on computers it wants to infect. From a report: The purpose of these drivers is to allow the hackers to disable security products so their ransomware strain can encrypt files without being detected or stopped. This new novel technique has been spotted in two ransomware incidents so far, according to UK cybersecurity firm Sophos. In both cases, the ransomware was RobbinHood, a strain of “big-game” ransomware that’s usually employed in targeted attacks against selected, high-value targets. In a report published late last night, Sophos described this new technique as follows:
1. Ransomware gang gets a foothold on a victim’s network.
2. Hackers install legitimate Gigabyte kernel driver GDRV.SYS.
3. Hackers exploit a vulnerability in this legitimate driver to gain kernel access.
4. Attackers use the kernel access to temporarily disable the Windows OS driver signature enforcement.
5. Hackers install a malicious kernel driver named RBNL.SYS.
6. Attackers use
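The sequence above has a detectable shape: a legitimately signed but known-vulnerable driver is loaded from an unusual location, and shortly afterwards an unsigned (or known-malicious) driver loads on the same host, which is only possible once signature enforcement has been switched off. The following hunt is an added example written for this page, not code from Sophos or from the article; it runs over constructed Sysmon Event ID 6 ("Driver loaded") records using that event's field names (ImageLoaded, Signed, Signature), and the only driver names it knows are the two the article names, GDRV.SYS and RBNL.SYS.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Names taken from the article: the abused legitimate driver and the attacker's own.
KNOWN_VULNERABLE_DRIVERS = {"gdrv.sys"}
KNOWN_MALICIOUS_DRIVERS = {"rbnl.sys"}
WINDOW = timedelta(minutes=30)   # how long after the vulnerable load we keep watching

# Constructed Sysmon Event ID 6 ("Driver loaded") records, one per line.
SAMPLE_EVENTS = """\
2020-02-07T01:10:02 host=WS01 ImageLoaded=C:\\Windows\\System32\\drivers\\ntfs.sys Signed=true Signature="Microsoft Windows"
2020-02-07T01:12:41 host=WS01 ImageLoaded=C:\\Windows\\Temp\\gdrv.sys Signed=true Signature="Giga-Byte Technology"
2020-02-07T01:13:05 host=WS01 ImageLoaded=C:\\Windows\\Temp\\rbnl.sys Signed=false Signature=""
2020-02-07T09:00:00 host=WS02 ImageLoaded=C:\\Windows\\System32\\drivers\\http.sys Signed=true Signature="Microsoft Windows"
2020-02-07T09:01:00 host=WS02 ImageLoaded=C:\\Vendor\\tool.sys Signed=false Signature=""
"""

FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_event(line):
    """Split 'timestamp key=value ...' into a dict; adds parsed time and driver basename."""
    ts, rest = line.split(" ", 1)
    ev = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
    ev["ts"] = datetime.fromisoformat(ts)
    ev["driver"] = ev["ImageLoaded"].rsplit("\\", 1)[-1].lower()
    return ev

def find_byovd_chains(log_text):
    """Per host: a known vulnerable driver load followed within WINDOW by a driver
    that is unsigned or has a known malicious name. Returns one finding per pair."""
    per_host = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ev = parse_event(line)
            per_host[ev["host"]].append(ev)
    findings = []
    for host, events in per_host.items():
        events.sort(key=lambda e: e["ts"])
        for i, ev in enumerate(events):
            if ev["driver"] not in KNOWN_VULNERABLE_DRIVERS:
                continue
            for later in events[i + 1:]:
                if later["ts"] - ev["ts"] > WINDOW:
                    break
                known_bad = later["driver"] in KNOWN_MALICIOUS_DRIVERS
                unsigned = later.get("Signed", "").lower() != "true"
                if known_bad or unsigned:
                    findings.append({
                        "host": host,
                        "vulnerable_driver": ev["ImageLoaded"],
                        "followup_driver": later["ImageLoaded"],
                        "seconds_apart": int((later["ts"] - ev["ts"]).total_seconds()),
                        "severity": "high" if known_bad else "medium",
                    })
    return findings

if __name__ == "__main__":
    for finding in find_byovd_chains(SAMPLE_EVENTS):
        print(finding)
```

On the sample data only WS01 is flagged: WS02 loads an unsigned driver too, but with no vulnerable-driver load preceding it, which is the kind of event a driver-development or legacy-hardware box produces routinely. Keying on the pair rather than on either event alone is what keeps the rule quiet; a production version would extend the vulnerable-driver set from a maintained list (the LOLDrivers project is one such source) rather than the single name the article gives.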

Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/w087OEVbOzc/ransomware-installs-gigabyte-driver-to-kill-antivirus-products


Serious sudo flaw could be exploited to gain root access to Linux systems

Details of a nine-year-old security vulnerability in the sudo utility found in numerous Unix and Linux based operating systems have been revealed. The flaw, which affects the likes of Linux Mint and elementary OS, could be exploited to give users root privileges on a vulnerable system. Sudo versions 1.7.1 to 1.8.30 are at risk if the pwfeedback option is enabled. While the vulnerability is undoubtedly serious, there are elements of good…
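Both conditions have to hold at once: an affected sudo version and pwfeedback switched on in the effective sudoers configuration. The check below is an added example written for this page, not code from the article or from the sudo project; it takes the text of `sudo --version` and of the sudoers file(s) and applies the article's version range, honouring the fact that a later `Defaults !pwfeedback` overrides an earlier `Defaults pwfeedback`. The sample inputs are constructed.

```python
import re

# Affected range stated in the article (inclusive at both ends).
AFFECTED_MIN = (1, 7, 1)
AFFECTED_MAX = (1, 8, 30)

# 'Defaults', optionally tagged per user/host/runas/command, then the option list.
DEFAULTS_RE = re.compile(r"^Defaults(?:[:@>!]\S+)?\s+(.*)$")

def parse_sudo_version(version_output):
    """Version tuple from the first line of `sudo --version`, ignoring a 'p2'-style suffix."""
    m = re.search(r"Sudo version (\d+)\.(\d+)\.(\d+)", version_output)
    if not m:
        raise ValueError("unrecognised sudo --version output")
    return tuple(int(x) for x in m.groups())

def pwfeedback_enabled(sudoers_text):
    """Walk Defaults lines in file order; a later '!pwfeedback' overrides an earlier
    'pwfeedback'. Comment lines and comma-separated option lists are handled."""
    enabled = False
    for raw in sudoers_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        for opt in (o.strip() for o in m.group(1).split(",")):
            if opt == "pwfeedback":
                enabled = True
            elif opt == "!pwfeedback":
                enabled = False
    return enabled

def sudo_pwfeedback_exposed(version_output, sudoers_text):
    """True only when both conditions from the article hold: affected version and pwfeedback on."""
    version = parse_sudo_version(version_output)
    return AFFECTED_MIN <= version <= AFFECTED_MAX and pwfeedback_enabled(sudoers_text)

if __name__ == "__main__":
    # Constructed inputs: a Mint-style sudo build with pwfeedback turned on.
    print(sudo_pwfeedback_exposed("Sudo version 1.8.21p2\n", "Defaults env_reset, pwfeedback\n"))
```

Two caveats for real use. The sudoers text must be the effective configuration, so concatenate /etc/sudoers with the files under /etc/sudoers.d in the order sudo reads them (the `#include`/`#includedir` lines are stripped as comments here); as an unprivileged user, `sudo -l` prints the Defaults entries that apply to you and is the simpler check. And distribution packages backport fixes without bumping the upstream version, so treat the version test as the article's upstream rule, not as a substitute for your distribution's advisory.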

Original URL: https://betanews.com/2020/02/06/sudo-pwfeedback-root-access-flaw/


Secure APIs by using OAuth 2.0

This tutorial shows you how to implement OAuth 2.0 schemes that are available in IBM API Connect to secure an API.
IBM API Connect provides two implementation modes, each of which provide different OAuth 2.0 schemes:
Confidential mode. Confidential mode is suitable when an application is capable of keeping the client secret confidential. This is usually the case when the part of the application that obtains OAuth access tokens runs on a server the application owner controls (for example, a browser front end whose own backend talks to the token endpoint), rather than in code shipped to users. These schemes therefore make use of the client secret. In Confidential mode there are three OAuth schemes: Application, Password and Access code.

Public mode. Public mode is suitable when an application is incapable of keeping the client secret confidential. This is usually the case when the application is native on a computer or mobile
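The distinction comes down to what the token endpoint demands as proof of client identity. The following is an added example written for this page, not IBM API Connect code: a minimal token endpoint that requires the client secret for the confidential schemes the tutorial names (Application, i.e. `client_credentials`, and Password) and, for a public client, refuses a secret altogether and instead binds the authorization code to a PKCE verifier (RFC 7636), which is the standard way native and mobile clients are secured. The client registrations, user, authorization code and verifier are constructed sample data; the verifier is the example value from RFC 7636's appendix.

```python
import base64
import hashlib
import hmac
import secrets

SUPPORTED_GRANTS = {"client_credentials", "password", "authorization_code"}

def _sha256_hex(text):
    return hashlib.sha256(text.encode()).hexdigest()

# Constructed client registrations. Secrets are stored hashed; a public client has none.
CLIENTS = {
    "web-backend": {"type": "confidential", "secret_sha256": _sha256_hex("s3cr3t-example"),
                    "grants": {"client_credentials", "password"}},
    "mobile-app":  {"type": "public", "secret_sha256": None,
                    "grants": {"authorization_code"}},
}
USERS = {"alice": _sha256_hex("correct horse battery staple")}   # constructed, hashed

def pkce_challenge(verifier):
    """S256 challenge: BASE64URL(SHA256(verifier)) without padding (RFC 7636)."""
    digest = hashlib.sha256(verifier.encode("ascii")).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")

# A code the (not shown) /authorize step already issued to mobile-app, bound to the
# challenge the app sent. The verifier is the RFC 7636 appendix example value.
SAMPLE_VERIFIER = "dBjftJeZ4CVP-mB92K27uhbUJU1p1r_wW1gFWFOEjXk"
ISSUED_CODES = {"code-abc": {"client_id": "mobile-app",
                             "code_challenge": pkce_challenge(SAMPLE_VERIFIER), "used": False}}

def _token(client_id):
    return {"access_token": secrets.token_urlsafe(32), "token_type": "Bearer",
            "expires_in": 3600, "client_id": client_id}

def _error(code):
    return {"error": code}   # RFC 6749 error codes

def token_endpoint(form):
    """Handle a POST to /token; `form` is the decoded application/x-www-form-urlencoded body."""
    client = CLIENTS.get(form.get("client_id"))
    if client is None:
        return _error("invalid_client")
    grant = form.get("grant_type")
    if grant not in SUPPORTED_GRANTS:
        return _error("unsupported_grant_type")
    if grant not in client["grants"]:
        return _error("unauthorized_client")
    if client["type"] == "confidential":
        # Confidential schemes (Application, Password): the secret is mandatory.
        presented = form.get("client_secret", "")
        if not hmac.compare_digest(_sha256_hex(presented), client["secret_sha256"]):
            return _error("invalid_client")
    elif "client_secret" in form:
        # A public client shipping a secret is a misconfiguration; refuse rather than trust it.
        return _error("invalid_client")
    if grant == "client_credentials":
        return _token(form["client_id"])
    if grant == "password":
        stored = USERS.get(form.get("username", ""))
        if stored is None or not hmac.compare_digest(_sha256_hex(form.get("password", "")), stored):
            return _error("invalid_grant")
        return _token(form["client_id"])
    # authorization_code for a public client: no secret, so possession of the code
    # is proven with the PKCE verifier that matches the challenge sent at /authorize.
    record = ISSUED_CODES.get(form.get("code", ""))
    verifier = form.get("code_verifier", "")
    if (record is None or record["used"] or record["client_id"] != form["client_id"]
            or not 43 <= len(verifier) <= 128
            or not hmac.compare_digest(pkce_challenge(verifier), record["code_challenge"])):
        return _error("invalid_grant")
    record["used"] = True   # authorization codes are single-use
    return _token(form["client_id"])
```

Two design points worth noting. Secret and password comparisons go through `hmac.compare_digest` on hashes so that neither the stored secret nor the comparison timing leaks anything, and the public-client branch rejects any request that carries a `client_secret` because a secret compiled into a mobile binary is in every copy of the app and proves nothing. The Password scheme is implemented because the tutorial lists it, but the OAuth 2.0 Security Best Current Practice advises against the resource-owner password grant; the Access code (authorization code) scheme is the one to build on.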

Original URL: https://developer.ibm.com/tutorials/securing-apis-oauth2-api-connect/


Linux kernel RDS flaw affects Red Hat, Ubuntu, Debian and SUSE

If you’re not in the habit of keeping up to date with the latest version of the Linux kernel, now might be a good time to think about doing so. Systems based on versions of the kernel older than 5.0.8 suffer from a severe flaw in the implementation of RDS over TCP. Left unpatched, the flaw could enable an attacker to compromise a system. The National Vulnerability Database entry says: “There is a race condition leading to a use-after-free, related to net namespace cleanup”. Red Hat, Ubuntu, Debian and SUSE are all affected by the flaw, and security advisories have…
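Updating the kernel is the fix, but RDS is a protocol almost no general-purpose host uses, so the practical question on a machine you cannot reboot yet is whether the rds modules are loaded at all and whether anything stops them from loading. The check below is an added example written for this page, not code from the article or from any distribution's advisory; it classifies a host from `uname -r`, `lsmod` output and the modprobe.d configuration, treating `install rds /bin/true` (or a `blacklist` line) as the mitigation. Sample inputs are constructed.

```python
import re

FIXED_KERNEL = (5, 0, 8)           # per the article: kernels older than this are affected
RDS_MODULES = {"rds", "rds_tcp"}   # the protocol core and the TCP transport it uses

def parse_kernel_release(release):
    """'4.15.0-50-generic' -> (4, 15, 0); '5.0' -> (5, 0, 0)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", release)
    if not m:
        raise ValueError(f"unrecognised kernel release: {release!r}")
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))

def loaded_modules(lsmod_text):
    """Module names from `lsmod` output (first column, header line skipped)."""
    return {line.split()[0] for line in lsmod_text.splitlines()[1:] if line.strip()}

def modprobe_blocks(modprobe_text, module):
    """True if the modprobe.d text stops `module` from loading: 'install <module> /bin/true'
    (strongest: even an explicit modprobe runs /bin/true instead) or 'blacklist <module>'
    (weaker: only stops loading through the module's own aliases)."""
    for raw in modprobe_text.splitlines():
        words = raw.split("#", 1)[0].split()
        if words[:2] == ["install", module] and words[2:] in (["/bin/true"], ["/bin/false"]):
            return True
        if words[:2] == ["blacklist", module]:
            return True
    return False

def rds_exposure(release, lsmod_text, modprobe_text):
    """'patched'   : kernel at or past the fix;
       'exposed'   : affected kernel with an rds module loaded;
       'blocked'   : affected kernel, rds modules kept from loading;
       'available' : affected kernel, rds not loaded but nothing prevents it."""
    if parse_kernel_release(release) >= FIXED_KERNEL:
        return "patched"
    if loaded_modules(lsmod_text) & RDS_MODULES:
        return "exposed"
    # Require both modules to be blocked rather than relying on dependency handling.
    if all(modprobe_blocks(modprobe_text, m) for m in RDS_MODULES):
        return "blocked"
    return "available"

if __name__ == "__main__":
    # Constructed inputs for a pre-fix Ubuntu kernel with rds_tcp loaded.
    lsmod = "Module                  Size  Used by\nrds_tcp                16384  0\nrds                   131072  1 rds_tcp\n"
    print(rds_exposure("4.15.0-50-generic", lsmod, ""))
```

The same backport caveat as for any upstream version rule applies: Red Hat, Ubuntu, Debian and SUSE ship fixes in kernels whose version number stays below 5.0.8, so a result of "exposed" or "available" on a distribution kernel means "check the vendor advisory for this package version", not "vulnerable". Blocking the modules is still cheap insurance on hosts that have no use for RDS, and it also covers the next bug in the same code.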

Original URL: https://betanews.com/2019/05/20/linux-kernel-rds-flaw/


GoDaddy Removes a Massive Network of Bogus Sales Sites

GoDaddy removed a cluster of more than 15,000 fraudulent websites discovered by a researcher at Palo Alto Networks’ Unit 42 analysis team. From a report: The scam, which sold products like weight loss pills, used breached websites to add legitimacy to its sales and involved using fake celebrity endorsements. Jeff White, the researcher at Unit 42, started researching the network of sites more than 2 years ago when he noticed spam messages that looked visually similar and used similar language. The products were sold on commission as part of an affiliate marketing program and used low initial pricing and tiny print to get people signed up for costly subscriptions. The sales took place on hacked GoDaddy websites, where hackers had set up subdomains on legitimate websites.


Original URL: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/BiTT0l3eJx8/godaddy-removes-a-massive-network-of-bogus-sales-sites


We found a massive spam operation — and sunk its server

For ten days in March, millions were caught in the same massive spam campaign.
Each email looked like it came from someone the recipient knew: the spammer took stolen email addresses and passwords, quietly logged into their email account, scraped their recently sent emails and pushed out personalized emails to the recipient of that sent email with a link to a fake site pushing a weight loss pill or a bitcoin scam.
The emails were so convincing that more than 100,000 people clicked through.
We know this because a security researcher found the server leaking the entire operation. The spammer had forgotten to set a password.
Security researcher Bob Diachenko found the leaking data and with help from TechCrunch analyzed the server. At the time of the discovery, the spammer’s rig was no longer running. It had done its job, and the spammer had likely moved on to another server — likely in an effort to

Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/2Li40DMF3O4/


Proudly powered by WordPress | Theme: Baskerville 2 by Anders Noren.
